When you do client enrollment using ipa-client you can run it in several
ways:
- high level admin that has full privileges in IPA (recommended just for
demo and POC purposes)
- low level admin that has permission to provision systems. Such admin
does not have privilege to create the host entry during registration.
The entry must be there. The error you see above indicates that the host
entry does not exist.
- automated system. In this case the entry has to be precereated and one
can set or request IPA to generate a registration code that can be used
once as an OTP to register client.

So if you do things manually you need to create host entry first
manually on the server side.